In recent years, we’ve seen how rapidly the industrial landscape is evolving — with digitalization, automation, and the integration of production lines into broader IT infrastructure. But this brings an unpleasant reality: industrial companies are becoming increasingly frequent targets for hackers.
While most organizations have relatively good control over their IT systems, devices like PLCs, SCADA systems, and various IoT sensors are often left completely exposed — quite literally unprotected, without a strategy, and with no attention from leadership.

Our Technical Director, Marek Madžo, recently contributed an article on this topic to Hospodárske noviny (SK). Here’s a summary of his most important insights.

OT Devices: A Commonly Overlooked Risk
In traditional IT environments, we have firewalls, antivirus software, and ideally, continuous monitoring by a security team. But in OT (Operational Technology) environments — the backbone of industrial systems — the situation often looks completely different. Many companies lack even a basic idea of how to secure these systems. Worse yet, they mistakenly believe that OT is somehow isolated from cyber threats.
That mindset is exactly what cybercriminals love to exploit.

MITRE ATT&CK for ICS: A Must-Know Tool for Every Security Professional
In Marek’s experience, MITRE ATT&CK for ICS is one of the most important tools available today. We at void SOC use this framework every day.
It helps us better understand how attackers think, what techniques they use, and what kind of damage they can inflict on OT environments. Based on this insight, we can design and implement effective security measures — before any real harm is done.
Additionally, with the MITRE ATT&CK Navigator, we can easily visualize all known techniques and filter them by industry sector, threat group, or specific vulnerability. For companies, this is incredibly useful: you know exactly where your weak points are.

What Does a Modern Attack on a Factory Look Like?
Attackers usually start where it’s easiest — they exploit a vulnerability in an internet-connected device or send a well-crafted phishing email. Once inside, they find weaknesses in account or password security and begin to move laterally through the network.
They collect data, monitor operations, and manipulate control logic. Even worse, they can disable safety mechanisms or change login credentials, leaving your team locked out and unable to respond. The result? Serious operational disruptions, risks to health, safety, the environment, and the company’s reputation — not to mention financial losses.

Tools Evolve, but Tactics Stay the Same
While specific IP addresses, malware, or domains change daily, attackers’ tactics and techniques often remain the same for years. That’s why when protecting OT systems, it’s more effective to monitor what attackers are doing — not what tools they’re using. This is where MITRE ATT&CK comes in — it offers concrete guidance on how to detect, stop, or at least mitigate the impact of specific attack techniques.

Marek’s Final Advice?
If you’re currently evaluating new security solutions for your OT or ICS environment, be sure to check which MITRE ATT&CK techniques those solutions cover.
It’s a practical and objective way to understand where your vulnerabilities lie — and which areas deserve the most attention.

SOCulus_OT
If you’re looking for a way to gain visibility into what’s really happening in your OT network, SOCulus_OT is coming soon — a solution we’re developing specifically for industrial operations.
SOCulus_OT continuously monitors operational technology, identifies suspicious behavior, and helps detect threats early — before they escalate into serious incidents. It’s designed for sectors like manufacturing, energy, transport, and critical infrastructure — environments where every second of downtime carries risk and high costs.